Microsoft posts quick “Fix it” links for SMB2 flaw in Vista

Microsoft has released an automated tool to disable its Server Message Block 2 …

Microsoft has issued a quick temporary fix, described in KB Article 975497, for a recently disclosed flaw in the 32-bit and 64-bit versions of Windows Vista, Windows Server 2008, and the Windows 7 Release Candidate (but not the RTM). The flaw, which is in Microsoft's implementation of Server Message Block 2 (SMB2, an extension of the conventional Server Message Block protocol), can be exploited to remotely crash and restart computers running any of the affected operating systems. Microsoft is telling IT pros to use its automated "Fix it" tool for now to deal with the unpatched vulnerability; here are the "fix this problem" links: Disable SMB2 and Enable SMB2. Microsoft notes that although the "Fix it" wizard may be in English only, the automatic fix still works on other language versions of Windows.

When Microsoft issued Security Advisory 975497 about the issue earlier this month, the company listed three mitigating factors and two workarounds for the flaw: disable SMB v2, or block TCP ports 139 and 445 at the firewall. The "Fix it" links make the former workaround easy to apply, since using the Windows Registry Editor is no longer necessary. Disabling SMB2 may slow down SMB connections between the affected operating systems, but it is likely worth the minor hassle. Microsoft continues to emphasize that it is not aware of any in-the-wild exploits or real-world attacks, though exploit code that works as described does exist.
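For administrators who would rather script the registry workaround than click through the wizard on each host, here is an added PowerShell example (not from the article, the KB, or Microsoft's "Fix it" package). It assumes the switch the advisory's manual workaround uses: a REG_DWORD named Smb2 under the LanmanServer\Parameters key, where 0 disables SMB2 and 1 or an absent value leaves it enabled; the function names and the firewall rule name are this example's own.

```powershell
# Assumed registry location of the SMB2 switch (per the advisory's manual workaround).
$Smb2Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb2State {
    # Returns 'Enabled' or 'Disabled'. A missing value means the default (enabled).
    $item = Get-ItemProperty -Path $Smb2Key -ErrorAction SilentlyContinue
    if ($item -and $item.Smb2 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Set-Smb2State {
    # Hypothetical helper: writes the Smb2 value and restarts the Server service,
    # which is required for the new setting to take effect. Run elevated.
    param([ValidateSet('Enabled', 'Disabled')][string]$State)
    $before = Get-Smb2State
    $value = if ($State -eq 'Disabled') { 0 } else { 1 }
    Set-ItemProperty -Path $Smb2Key -Name Smb2 -Value $value -Type DWord
    Restart-Service -Name LanmanServer -Force
    Write-Output ("SMB2: {0} -> {1}" -f $before, (Get-Smb2State))
}

function Block-SmbInbound {
    # The advisory's second workaround: block inbound TCP 139 and 445 at the host firewall.
    # Rule name is this example's own; remove the rule once the patch is installed.
    netsh advfirewall firewall add rule name="Block SMB inbound (temporary)" `
        dir=in action=block protocol=TCP localport=139,445
}

# Usage (constructed):
# Get-Smb2State                   # audit a host before changing anything
# Set-Smb2State -State Disabled   # apply the workaround until the patch ships
# Set-Smb2State -State Enabled    # revert after patching, as the article advises
```

Auditing the value before and after the change gives a record of which hosts still have the workaround applied when it is time to re-enable SMB2.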

The software giant again voiced its concern that this report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. Redmond did not offer a date for the patch, but did say it is still working on it and that it is currently in the testing phase. The product team has built packages that work correctly, but tests are still being run to ensure quality. The next Patch Tuesday is October 13, though it's still possible the company will release an out-of-cycle patch if the situation worsens (such as actual attacks appearing). Once the patch is released, if you've disabled SMB2, you'll want to enable SMB2 again.

"The software giant again voiced its concern that this report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk."

Just stop it Microsoft. It is like complaining about the wind. "Irresponsible Disclosure" is going to happen, whether you like it or not, so deal.

Missing the point. You have to say this so that it's something people think about and discuss. If you took the same attitude towards user behavior, you'd still have issues like Blaster from years ago. In the last few years, discussions like this, direction from the industry, etc. have made people much more cautious.

Of course you'll never stamp it out entirely, but you don't just stay quiet and hope people figure it out on their own.

It is equivalent to complaining about getting feet of snow when you wanted sunshine.

It is pure CYA marketing-speak, and they get no sympathy from anyone when a complaint comes in. Why not use the manpower they have to address the holes quicker and test faster, so the prospect of zero-days actually impacting many users is reduced?

A zero-day is a vulnerability exploited while either unknown or undisclosed to the vendor in question. How is it that they can prevent a zero-day hit if the hole is not disclosed to them in a responsible fashion?
